Forum OpenACS Development: Re: XSS vulnerability in XoWiki and a lot of other OpenACS pages

20: Re: XSS vulnerability in XoWiki and a lot of other OpenACS pages (response to 19)

Posted by Eduardo Santos on 02/11/11 02:57 AM

Hi Dave,

Thank your for your answer, but I guess it won't work. It has to be called inside a method for xowiki::Weblog class, in an XoTcl perspective.

By the way, more info. I've just realized XoWiki upgrade failed because the name of some switches changed in form pages:

lead to error: unknown argument '-entries_of' for method 'instantiate_forms': valid arguments {-default_lang {}} {-parent_id {}} -forms:required -package_id:required Details: unknown argument '-entries_of' for method 'instantiate_forms': valid arguments {-default_lang {}} {-parent_id {}} -forms:required -package_id:required while executing "::xotcl::interpretNonpositionalArgs $args"

The old switch to form entries was entries_of and it was changed to forms. I guess I would have to manually change all the news page I have in my system before I can upgrade. Is it right?

22: Re: XSS vulnerability in XoWiki and a lot of other OpenACS pages (response to 20)

Posted by Gustaf Neumann on 02/11/11 02:03 PM

Dear Eduardo,

guess the error message comes from the prototype page "news". Actually, the upgrade scripts are supposed to add new revision to the instantiated prototype pages. In case, something went wrong, you can reload the prototype page via ds/shell (assuming the instance is called /xowiki, and the problem comes from the "news" prototype page

::xowiki::Package initialize -url /xowiki
$package_id import-prototype-page news

Hope, this helps